<?php

require_once('../inc/utils.php');

function main()
{
	global $g_tplvars;
	$g_tplvars['title'] = 'Wish List';
	
	if(!isset($_GET['action']))
	{
		header('Location: wishlist.php?action=summary');
		exit;
	}
	
	//Look up our access
	restricted();
	if( ($_GET['action'] == '') || ($_GET['action'] == 'summary') || ($_GET['action'] == 'detail'))
		checkinvaccess('read');
	else
		checkinvaccess('full');
	
	//legal actions
	$actions = array(
		'summary',
		'create',
		'docreate',
		'confirm',
		'delete',
		'detail',
		'edit',
		'doedit',
		);
		
	if(!in_array($_GET['action'], $actions))
		summary();
	else
		$_GET['action']();
}

function summary()
{
	//Remember filters
	if(isset($_GET['vendor']))
		$_SESSION['vendor'] = sanitize_db(sanitize_render($_GET['vendor']));
	$vendor = $_SESSION['vendor'];
	if(isset($_GET['priority']))
		$_SESSION['priority'] = sanitize_db(sanitize_render($_GET['priority']));
	$priority = $_SESSION['priority'];
	
	//Build filter clause
	$filters = array();
	if($vendor)
		array_push($filters, "`vendor` = '$vendor'");
	if($priority)
	{
		$npri = enum_name_to_value('wishstatus', $priority);
		array_push($filters, "`priority` = '$npri'");
	}
		
	//add WHERE clause iff filter is not empty
	$filter = '';
	if(count($filters))
	{
		$filter = 'WHERE ';
		$first = true;
		foreach($filters as $f)
		{
			if(!$first)
				$filter .= 'AND ';
			$first = false;
			$filter .= $f;
		}
	}
		
	//Build sort clause
	$sort = 'order by `desc`';
	
	//Build list of active wishlist items
	$wishes = '';
	$r = dbquery('select * from `wishes` ' . $filter. ' ' . $sort);
	global $g_tplvars;
	$totalprice = 0;
	while($a = mysql_fetch_object($r))
	{
		foreach($a as $n=>$v)
			$g_tplvars[$n] = $v;
			
		$g_tplvars['spriority'] = enum_value_to_name('wishstatus', $a->priority);
		
		$p = $a->price * $a->qty;
		$totalprice += $p;
		$g_tplvars['price'] = str_replace(' ', '&nbsp;', sprintf('$%8.3f', $a->price));
		$g_tplvars['total'] = str_replace(' ', '&nbsp;', sprintf('$%8.3f', $p));
		
		$wishes .= templatize('../templates/wishlist-summary-item.html');
	}
	
	//Render filter clauses
	$sfilters = '';
	if($vendor)
	{
		$g_tplvars['name'] = 'vendor';
		$g_tplvars['value'] = $vendor;
		$sfilters .= templatize('../templates/wishlist-filter.html');
	}
	if($priority)
	{
		$g_tplvars['name'] = 'priority';
		$g_tplvars['value'] = $priority;
		$sfilters .= templatize('../templates/wishlist-filter.html');
	}
	
	$g_tplvars['filters'] = $sfilters;
	$g_tplvars['totalprice'] = sprintf('$%8.3f', $totalprice);
	$g_tplvars['wishes'] = $wishes;	
	render('../templates/wishlist-summary.html');
}

function create()
{
	global $g_tplvars;
	$g_tplvars['priority'] = enum_list('wishstatus', 0);
	render('../templates/wishlist-create.html');
}

function docreate()
{
	//Prepare input
	$desc = sanitize_db(sanitize_render($_POST['desc']));
	$link = sanitize_db(sanitize_render($_POST['link']));
	$vendor = sanitize_db(sanitize_render($_POST['vendor']));
	$priority = intval($_POST['priority']);
	$price = floatval($_POST['price']);
	$qty = intval($_POST['qty']);
		
	//Add to the database
	dbquery('insert into wishes(`desc`,`link`, `vendor`, `priority`, `price`, `qty`) values(\'' . $desc . '\', \'' . $link .
	'\', \'' . $vendor . '\', \'' . $priority . '\', \'' . $price . '\', \'' . $qty . '\')');
	
	//and go back to the overview
	header('Location: wishlist.php');
}

function edit()
{
	global $g_tplvars;
	global $g_config;
	
	//Grab info about the asset, make sure it exists
	$id = intval($_GET['id']);
	$r = dbquery('select * from `wishes` where `id` = \'' . $id . '\' limit 1');
	if(mysql_num_rows($r) == 0)
	{
		render('../templates/asset-not-found.html');
		exit;
	}
	
	//and render
	$a = mysql_fetch_object($r);
	foreach($a as $n=>$v)
		$g_tplvars[$n] = $v;
	$g_tplvars['priority'] = enum_list('wishstatus', $a->priority);
	$g_tplvars['price'] = sprintf('%.3f', $a->price);

	render('../templates/wishlist-edit.html');
}

function doedit()
{
	//Grab info about the asset, make sure it exists
	$id = intval($_POST['id']);
	$r = dbquery('select * from `wishes` where `id` = \'' . $id . '\' limit 1');
	if(mysql_num_rows($r) == 0)
	{
		render('../templates/wishlist-not-found.html');
		exit;
	}
	
	//Prepare input
	$desc = sanitize_db(sanitize_render($_POST['desc']));
	$link = sanitize_db(sanitize_render($_POST['link']));
	$vendor = sanitize_db(sanitize_render($_POST['vendor']));
	$priority = intval($_POST['priority']);
	$price = floatval($_POST['price']);
	$qty = intval($_POST['qty']);
		
	//Update it
	dbquery('update `wishes` set `desc` = \'' . $desc . '\', `link` = \'' . $link . '\', `price` = \'' . $price .
			'\', `vendor` = \'' . $vendor . '\', `qty` = \'' . $qty . '\', `priority` = \'' . $priority .  '\' WHERE `id` = \'' . $id . '\'');
	
	//and go back to the main page
	header('Location: wishlist.php?action=summary');
}

function confirm()
{
	global $g_tplvars;
	$op = sanitize_db(sanitize_render($_GET['confirm']));
	
	//Grab info about the item, make sure it exists
	$id = intval($_GET['id']);
	$r = dbquery('select * from `wishes` where `id` = \'' . $id . '\' limit 1');
	if(mysql_num_rows($r) == 0)
	{
		render('../templates/wishlist-not-found.html');
		exit;
	}
	
	//Get warning messages
	$g_tplvars['op'] = $op;
	$g_tplvars['id'] = $id;
	$g_tplvars['desc'] = mysql_fetch_object($r)->desc;
	if($op == 'delete')
		$g_tplvars['warning'] = 'This operation cannot be undone.';
	render('../templates/wishlist-confirm.html');
}

function delete()
{
	//Make sure it exists
	$id = intval($_GET['id']);
	$r = dbquery('select * from `wishes` where `id` = \'' . $id . '\' limit 1');
	if(mysql_num_rows($r) == 0)
	{
		render('../templates/wishlist-not-found.html');
		exit;
	}
	
	//Delete it
	dbquery('delete from `wishes` where `id` = \'' . $id . '\' limit 1');
	
	//and go back to the main page
	header('Location: wishlist.php?action=summary');
}
?>
